Changes osFunction permissions again. Allow_ with a list of UUIDs now again

refers to prim OWNERS. A new option set, Creators_, is added to allow
selection by script creator. For existing installs, this means no functional
change. The warning from my prior commit doesn't apply anymore.
avinationmerge
Melanie Thielker 2010-05-30 15:46:54 +02:00
parent 59a5367433
commit 890f3cc54c
2 changed files with 58 additions and 17 deletions

View File

@ -105,6 +105,18 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
// modification of user data, or allows the compromise of
// sensitive data by design.
class FunctionPerms
{
public List<UUID> AllowedCreators;
public List<UUID> AllowedOwners;
public FunctionPerms()
{
AllowedCreators = new List<UUID>();
AllowedOwners = new List<UUID>();
}
}
[Serializable]
public class OSSL_Api : MarshalByRefObject, IOSSL_Api, IScriptApi
{
@ -117,7 +129,7 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
internal ThreatLevel m_MaxThreatLevel = ThreatLevel.VeryLow;
internal float m_ScriptDelayFactor = 1.0f;
internal float m_ScriptDistanceFactor = 1.0f;
internal Dictionary<string, List<UUID> > m_FunctionPerms = new Dictionary<string, List<UUID> >();
internal Dictionary<string, FunctionPerms > m_FunctionPerms = new Dictionary<string, FunctionPerms >();
public void Initialize(IScriptEngine ScriptEngine, SceneObjectPart host, uint localID, UUID itemID)
{
@ -217,31 +229,33 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
if (!m_FunctionPerms.ContainsKey(function))
{
string perm = m_ScriptEngine.Config.GetString("Allow_" + function, "");
if (perm == "")
FunctionPerms perms = new FunctionPerms();
m_FunctionPerms[function] = perms;
string ownerPerm = m_ScriptEngine.Config.GetString("Allow_" + function, "");
string creatorPerm = m_ScriptEngine.Config.GetString("Creators_" + function, "");
if (ownerPerm == "" && creatorPerm == "")
{
m_FunctionPerms[function] = null; // a null value is default
// Default behavior
perms.AllowedOwners = null;
perms.AllowedCreators = null;
}
else
{
bool allowed;
if (bool.TryParse(perm, out allowed))
if (bool.TryParse(ownerPerm, out allowed))
{
// Boolean given
if (allowed)
{
m_FunctionPerms[function] = new List<UUID>();
m_FunctionPerms[function].Add(UUID.Zero);
// Allow globally
perms.AllowedOwners.Add(UUID.Zero);
}
else
m_FunctionPerms[function] = new List<UUID>(); // Empty list = none
}
else
{
m_FunctionPerms[function] = new List<UUID>();
string[] ids = perm.Split(new char[] {','});
string[] ids = ownerPerm.Split(new char[] {','});
foreach (string id in ids)
{
string current = id.Trim();
@ -250,7 +264,20 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
if (UUID.TryParse(current, out uuid))
{
if (uuid != UUID.Zero)
m_FunctionPerms[function].Add(uuid);
perms.AllowedOwners.Add(uuid);
}
}
ids = creatorPerm.Split(new char[] {','});
foreach (string id in ids)
{
string current = id.Trim();
UUID uuid;
if (UUID.TryParse(current, out uuid))
{
if (uuid != UUID.Zero)
perms.AllowedCreators.Add(uuid);
}
}
}
@ -266,8 +293,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
//
// To allow use by anyone, the list contains UUID.Zero
//
if (m_FunctionPerms[function] == null) // No list = true
if (m_FunctionPerms[function].AllowedOwners == null)
{
// Allow / disallow by threat level
if (level > m_MaxThreatLevel)
OSSLError(
String.Format(
@ -276,8 +304,15 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
}
else
{
if (!m_FunctionPerms[function].Contains(UUID.Zero))
if (!m_FunctionPerms[function].AllowedOwners.Contains(UUID.Zero))
{
// Not anyone. Do detailed checks
if (m_FunctionPerms[function].AllowedOwners.Contains(m_host.OwnerID))
{
// prim owner is in the list of allowed owners
return;
}
TaskInventoryItem ti = m_host.Inventory.GetInventoryItem(m_itemID);
if (ti == null)
{
@ -285,9 +320,9 @@ namespace OpenSim.Region.ScriptEngine.Shared.Api
String.Format("{0} permission error. Can't find script in prim inventory.",
function));
}
if (!m_FunctionPerms[function].Contains(ti.CreatorID))
if (!m_FunctionPerms[function].AllowedCreators.Contains(ti.CreatorID))
OSSLError(
String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function.",
String.Format("{0} permission denied. Script creator is not in the list of users allowed to execute this function and prim owner also has no permission.",
function));
if (ti.CreatorID != ti.OwnerID)
{

View File

@ -985,6 +985,12 @@
; Comma separated list of UUIDS allows the function for that list of UUIDS
; Allow_osSetRegionWaterHeight = 888760cb-a3cf-43ac-8ea4-8732fd3ee2bb
; You can also use script creators as the uuid
; Creators_osSetRegionWaterHeight = <uuid>, ...
; If both Allow_ and Creators_ are given, effective permissions
; are the union of the two.
; Allow for llCreateLink and llBreakLink to work without asking for permission
; only enable this in a trusted environment otherwise you may be subject to hijacking
; AutomaticLinkPermission = false